On Thu, 09 Oct 2003 10:34:12 +0200 Tarjei Huse <[EMAIL PROTECTED]> wrote:
TH> Hi, TH> The Securing Debian manual suggest one should set the /usr partition TH> to ro and use remount when you install new programs. TH> I was just wondering how much security one gains with this. Wouldn't TH> most hackers go after the programs in the /bin and /sbin directories TH> anyway? Making /usr read-only is not for that kind of security. It will keep your data safe from corruption (soft one, anyway: a disk crash will take anything with it ;-). Besides, you can get a better performance formating it with ext2, since you'll not need journaling. Now, there are ways to mount r-o /bin and /sbin, *and* to disable remounting them rw (unless you reset the box and provide a pass; its a kernel patch or something which's name I can't remember -- but I want to!!). There is some blurb about it here: http://article.gmane.org/gmane.linux.debian.user/114759 And surely in other threads.
